CN103560918B - Method and system for managing CPE port - Google Patents
Method and system for managing CPE port Download PDFInfo
- Publication number
- CN103560918B CN103560918B CN201310571395.6A CN201310571395A CN103560918B CN 103560918 B CN103560918 B CN 103560918B CN 201310571395 A CN201310571395 A CN 201310571395A CN 103560918 B CN103560918 B CN 103560918B
- Authority
- CN
- China
- Prior art keywords
- port
- cpe
- security configuration
- order
- acs
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Small-Scale Networks (AREA)
Abstract
The invention discloses a method and system for managing a CPE port, and relates to the application field of electronic terminals. In the managing process of the CPE port, the CPE port can be quickly and effectively managed, and the management efficiency of the CPE port is improved. According to the method, a network management system sends a received operation instruction input by a user to an ACS, the operation instruction is packed to form a set request message through the ACS, the set request message is sent to a CPE, the CPE combines port safe configuration commands in the set request message according to the type of the CPE port, then the combined port safe configuration commands are executed, and accordingly safety management of the CPE port is achieved. The method and system are mainly used for the management procedure of the CPE port.
Description
Technical field
A kind of the present invention relates to electric terminal application, more particularly to managing customer terminal unit CPE(Customer
Premise Equipment) port method and system.
Background technology
At present, with the popularization of broadband access, ip voice (VoIP), IPTV service are developed rapidly, increasing IP
Terminal unit is introduced in home and enterprise networks.Traditional webmaster based on Simple Network Management Protocol SNMP is in management number
During the numerous CPE of mesh, demand can not have been met.So effectively implementing the management to subscriber terminal equipment, become and urgently solve
Problem certainly.In numerous ports on the CPE, during the safety management of CPE to be realized, just must be one by one to the end on CPE
Mouth carries out port security configuration, when the security configuration of CPE port is changed, needs to perform order one by one, carries out port security and match somebody with somebody
The modification put.For example, the port for changing a CPE is turned on or off, and is be connected to the CPE's by way of telnet
IP, is manually input into the mode of order, modification and the open and close of management CPE port, and the same safety management to CPE is tied up
Fixed is similarly to need to be manually entered and perform order one by one.So one by one carry out port security configuration, and then CPE according to
The input at family carries out execution setting command, cumbersome, complicated, the problem that the CPE port efficiency of management can be caused low one by one.
The content of the invention
Embodiments of the invention provide a kind of method and system of management CPE port, are carrying out CPE port management process
In, CPE port can be quickly and efficiently managed, the efficiency of management of CPE port is improve.
For reaching above-mentioned purpose, embodiments of the invention are adopted the following technical scheme that:
A kind of method of management CPE port, including:
The operational order of NMS receive user, the operational order include the user resident to be configured of selection
Equipment CPE and security configuration rule, the security configuration rule at least include port-mark to be placed, port security configuration life
Order;The operational order is sent to access control server ACS by NMS, and the ACS is according to remote procedure call
The operational order is packaged into setting request message by RPC, and the setting request message is sent to the CPE;
The CPE receives the setting request message from the ACS;
The CPE merges the port security configuration order according to port type;
The CPE performs the port security configuration order after merging.
A kind of system of management CPE port, including:Including:NMS, access control server ACS and user
Premises equipment CPE;The CPE includes receiving unit, combining unit and performance element;
The NMS is used for the operational order of receive user, and the operational order includes the to be configured of selection
Customer premises equipment, CPE CPE and security configuration rule, the security configuration rule at least include port-mark to be placed, port security
Configuration order;It is additionally operable to for the operational order to be sent to the ACS;
The ACS for the operational order is packaged into setting request message according to remote procedure call, and by institute
State setting request message and be sent to the CPE;
The receiving unit, for receiving the setting request message;
The combining unit, for according to port type, merging the port security configuration that the receiving unit is received
Order;
The performance element, for performing the port security configuration order after the combining unit merges.
The method and system of management CPE port provided in an embodiment of the present invention, it is defeated that NMS will receive user
The operational order for entering is sent to ACS(Access Control Sever, access control server), and then the operation refers to by ACS
Order is packaged into setting request message, and the setting request message is sent to CPE, and CPE merges this and sets according to CPE port type
The port security configuration order in request message is put, and then performs the port security configuration order after the merging, it is right so as to realize
The safety management of CPE port.Technical scheme provided in an embodiment of the present invention, during CPE port management, by merging port
Security configuration order, can fast and effectively manage CPE port, it is to avoid in the prior art, CPE must be performed one by one and be connect
The port security configuration order for receiving, and the low problem of the CPE port efficiency of management that causes.
Description of the drawings
In order to be illustrated more clearly that the embodiment of the present invention or technical scheme of the prior art, below will be to embodiment or existing
Accompanying drawing to be used needed for having technology description is briefly described, it should be apparent that, drawings in the following description are only this
Some embodiments of invention, for those of ordinary skill in the art, on the premise of not paying creative work, can be with
Other accompanying drawings are obtained according to these accompanying drawings.
A kind of method flow diagram of management CPE port that Fig. 1 is provided for one embodiment of the invention;
The method flow diagram of another kind of management CPE port that Fig. 2 is provided for another embodiment of the present invention;
A kind of composition schematic diagram of the system of management CPE port that Fig. 3 is provided for another embodiment of the present invention;
The composition schematic diagram of the system of another kind of management CPE port that Fig. 4 is provided for another embodiment of the present invention.
Specific embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is carried out clear, complete
Site preparation is described, it is clear that described embodiment is only a part of embodiment of the invention, rather than the embodiment of whole.It is based on
Embodiment in the present invention, it is every other that those of ordinary skill in the art are obtained under the premise of creative work is not made
Embodiment, belongs to the scope of protection of the invention.
One embodiment of the invention provides a kind of method of management CPE port, as shown in figure 1, the method includes:
101st, the operational order of NMS receive user, and the operational order is sent to into ACS.
Wherein, operational order includes customer premises equipment, CPE CPE to be configured and the security configuration rule of selection, and safety is matched somebody with somebody
Putting rule at least includes port-mark to be placed, port security configuration order.
102nd, ACS is according to remote procedure call(Remote Procedure Call)Operational order is packaged into into setting
Request message, and the setting request message is sent to into CPE.
103rd, CPE is received and is arranged request message.
104th, CPE merges port security configuration order according to port type.
Wherein, the port type of CPE middle ports is identical or different, each unique port-mark of port correspondence, this
Bright embodiment does not limit the form of expression of port-mark.
What deserves to be explained is, port security configuration order ECDC is simultaneously rear to form new port security configuration order, and performing should
Time and system resource needed for new port security configuration order, less than the port security configuration order performed before merging
Execution amount required for time and system resource.
105th, CPE performs the port security configuration order after merging.
The method of management CPE port provided in an embodiment of the present invention, NMS will receive the behaviour of user input
ACS is sent to as instruction, and then the operational order is packaged into setting request message by ACS, and the setting request message is sent
To CPE, CPE merges the port security configuration order in the setting request message, and then performs the conjunction according to CPE port type
And after port security configuration order, so as to realize the safety management to CPE port.Technical side provided in an embodiment of the present invention
Case, during CPE port management, by merging port security configuration order, can fast and effectively managing CPE port,
Avoid in the prior art, CPE must perform the port security configuration order for receiving one by one, and the CPE port for causing is managed
The low problem of efficiency.
Another embodiment of the present invention provides a kind of method of management CPE port, as shown in Fig. 2 the method includes:
201st, by NMS, the operational order of receiving user's input, and the operational order is sent to into ACS.
The operational order is identical with the associated description in a upper embodiment 101, is not repeated.Wherein, port
Security configuration order includes setting command and querying command.
Optionally, according to practical situation, the operational order can also include remaining information, and the embodiment of the present invention is to the operation
The content that instruction is included is not limited.
Preferably, for streamline operation, expand the applicable user scope of the method, user can pass through web interface
Mode, in the NMS be input into aforesaid operations instruction.
202nd, the operational order for receiving is packaged into setting request message by ACS, and the setting request message is sent to
CPE。
Wherein, the RPC methods that request message is self-defined extension are set.
What deserves to be explained is being, in above-mentioned encapsulation process, the CPE for different model to be ordered to port security configuration
Order carries out legitimate verification.
Preferably, the setting request message is sent to CPE by TR069 agreements by ACS, and the TR069 agreements are used for managing
With configuration CPE.
Optionally, _ 00017A_ShowStatus may be defined as by the RPC methods that operational order is packaged into, has
Body, should _ content format of 00017A_ShowStatus is as follows:
<cwmp:X_00017A_ShowStatus>// method name;
<CommandKey>mp123456</CommandKey>// serial number asked is set every time, so as to show request
The uniqueness of setting action, and then its corresponding implementing result is got by the value;
<ErrorOption>rollback</ErrorOption>// when there is mistake in setting up procedure, realize with putting back into
Return;
<ExecCommandList array of strings[1..unbounded]each of length256>// please
Seek the type of every parameter object in parameter sets;
<string>port0/0,0/1,0/2,0/3,0/4,0/5,0/6,0/7802.1X enable</string>// set
Put the security command of port;
<string>sh port br</string>The viewing command of // setting port;
<string>port0/8802.1X disenable/string>// send wrong setting command.
</ExecCommandList>
</cwmp:X_00017A_ShowStatus>
203rd, CPE receives and parses through the RPC methods, and the form to the RPC methods after parsing is checked.
204th, after format checking passes through, CPE merges the port security configuration order in the RPC methods.
Specifically, merging the port security configuration order includes:
Port security configuration order is ranked up according to preset rules, i.e. according to the type of port, marks off and belong to same
The port security configuration order of one type, is each port assignment port security configuration order according to port-mark to be placed, enters
One step, as a example by arranging a port, to port security configuration order sequence, while the port security for deleting content mutual exclusion is matched somebody with somebody
Put order.
What deserves to be explained is, above-mentioned sorts to port security configuration order so that these port security configuration orders exist
Correspond on CPE in different modules, and then CPE could enter according to different modules to the port security configuration order after merging
Row validity checking, that is to say, that during CPE can be according to port security configuration order of the default judgment rule from after merging, really
Make the port security configuration order for meeting the default judgment rule.
Preferably, the default judgment rule includes regular expression, then it is legal now to be determined by default judgment rule
Port security configuration order is specifically included:The order check item of each module of bottom is called, and according to the mode of regular expression
Whether the port security configuration order after checking merges is legal.
Optionally, after port security configuration order after merging verifies legitimacy by regular expression, protect respectively
Deposit the port security configuration order of legitimacy success and failure.
Specifically, include during above-mentioned 203,204 are performed, by the order for receiving, according to different ports
Merge, need to delete the order of content mutual exclusion during merging, it is to avoid perform the wasting of resources that invalid operation is caused,
And then the order being configured is placed on before querying command, to first carry out setting command during execution.
205th, CPE inquiries port security controlled state, performs on port and was not provided with and legal order.
What deserves to be explained is, when carrying out above-mentioned port security controlled state and inquiring about, for the port configured mistake
Order be no longer configured operation.
Preferably, when CPE performs these orders on port, setting command is first carried out, then performs querying command.
206th, CPE obtains the result after performing order, feeds back to NMS by ACS.
Preferably, all results that CPE can be performed after the security configuration order of port merge, and by the place after merging
Reason result is sent to ACS.
Optionally, method provided in an embodiment of the present invention, further comprises the error handling mechanism of operational order, processes and hold
The problem being likely to occur in row setting up procedure.Specially:ErrorOption includes stop, continue, rollback.
Wherein, stop represents that appearance mistake stops execution task immediately;After continue represents appearance mistake, still perform
Task;After rollback represents appearance mistake, the configuration before rollback.
What deserves to be explained is, with reference to above-mentioned error handling mechanism, it is necessary to before order is performed, current to CPE
Configuration is backed up temporarily, so could be when order execution occurs unsuccessfully needing order rollback, can be by backing up back temporarily
It is multiple.
Another embodiment of the present invention provides a kind of system of management CPE port, as shown in figure 3, the system includes:Network
Management system 01, access control server ACS02, CPE03;Wherein, customer premises equipment, CPE CPE03 includes receiving unit 31, closes
And unit 32, performance element 33.
Operational order is simultaneously sent to ACS02 by NMS 01, the operational order for receive user.
Wherein, operational order includes CPE to be configured and the security configuration rule of selection, and the security configuration rule is at least wrapped
Include port-mark to be placed, port security configuration order.
ACS02, for operational order is packaged into setting request message according to remote procedure call, and this is arranged
Request message is sent to CPE03.
Receiving unit 31, arranges request message for receiving.
Optionally, port security configuration order includes setting command and querying command.
Preferably, the setting request message is sent to CPE03 by ACS02 by TR069 agreements.
Combining unit 32, according to port type, merges the port security configuration order that receiving unit 31 is received.
Performance element 33, for performing the port security configuration order after combining unit 32 merges.
Optionally, combining unit 32, specifically for according to preset rules, to port security configuration order sequence, and deleting
The port security configuration order of content mutual exclusion.
Optionally, as shown in figure 4, the CPE03 also includes:Determining unit 34, acquiring unit 35.
Determining unit 34, it is for before the port security configuration order that performance element 33 performs after merging, single from merging
In port security configuration order after 32 merging of unit, the port security configuration order of default judgment rule is determined for compliance with.
Acquiring unit 35, after the port security configuration order that performance element 33 performs after merging, obtains implementing result, and
The implementing result is fed back to into NMS 01 by ACS02.
Optionally, ACS02, is additionally operable to send to CPE03 to send by TR069 agreements arrange request message.
Wherein, TR069 agreements are used for managing and configuring CPE03.
The system of management CPE port provided in an embodiment of the present invention, NMS will receive the behaviour of user input
ACS is sent to as instruction, and then the operational order is packaged into setting request message by ACS, and the setting request message is sent
To CPE, the combining unit of CPE merges the port security configuration order in the setting request message, enters according to CPE port type
And the port security configuration order after the merging is performed by performance element, so as to realize the safety management to CPE port.The present invention
The technical scheme that embodiment is provided, during CPE port management, by merging port security configuration order, can it is quick,
CPE port is managed effectively, it is to avoid in the prior art, CPE must perform the port security configuration order for receiving one by one, and
The low problem of the CPE port efficiency of management that causes.
Through the above description of the embodiments, those skilled in the art can be understood that the present invention can be borrowed
Software is helped to add the mode of required common hardware to realize, naturally it is also possible to which by hardware, but the former is more preferably in many cases
Embodiment.Based on such understanding, the portion that technical scheme is substantially contributed to prior art in other words
Divide and can be embodied in the form of software product, the computer software product is stored in the storage medium that can read, such as count
The floppy disk of calculation machine, hard disk or CD etc., use so that a computer equipment including some instructions(Can be personal computer,
Server, or the network equipment etc.)Perform the method described in each embodiment of the invention.
The above, the only specific embodiment of the present invention, but protection scope of the present invention is not limited thereto, any
Those familiar with the art the invention discloses technical scope in, change or replacement can be readily occurred in, should all be contained
Cover within protection scope of the present invention.Therefore, protection scope of the present invention should be defined by the scope of the claims.
Claims (8)
1. it is a kind of management CPE port method, it is characterised in that include:
The operational order that NMS receive user is input in the way of web interface, the operational order include selection
Customer premises equipment, CPE CPE to be configured and security configuration rule, security configuration rule at least include port-mark to be placed,
Port security configuration order;
The operational order is sent to access control server ACS by the NMS;
The operational order is packaged into setting request message according to remote procedure call by the ACS, and please by the setting
Message is asked to be sent to the CPE;
The CPE receives the setting request message from the ACS;
The CPE merges the port security configuration order according to port type, including:According to port type, mark off and belong to
Same type of port security configuration order;It is each port assignment port security configuration order according to port-mark to be placed;
To port security configuration order sequence, while deleting the port security configuration order of content mutual exclusion;
The CPE inquires about port security controlled state, performs and be not provided with and legal order on port.
2. it is according to claim 1 management CPE port method, it is characterised in that the CPE perform merge after end
Before mouth security configuration order, also include:
In port security configuration orders of the CPE from after the merging, the port security for being determined for compliance with default judgment rule is matched somebody with somebody
Put order.
3. it is according to claim 2 management CPE port method, it is characterised in that methods described also includes:
The CPE obtains implementing result, and the implementing result is fed back to the NMS by the ACS.
4. the method for the management CPE port according to claims 1 to 3 any one, it is characterised in that methods described is also wrapped
Include:
The ACS sends the setting request message by TR069 agreements to the CPE, the TR069 agreements be used for management and
Configure the CPE.
5. it is a kind of management CPE port system, it is characterised in that include:NMS, access control server ACS and
Customer premises equipment, CPE CPE;The CPE includes receiving unit, combining unit and performance element;
The NMS is used for the operational order that receive user is input in the way of web interface, the operational order bag
Customer premises equipment, CPE CPE to be configured and the security configuration rule of selection is included, the security configuration rule at least includes to be placed
Port-mark, port security configuration order;It is additionally operable to for the operational order to be sent to the ACS;
The ACS is for being packaged into setting request message according to remote procedure call by the operational order, and sets described
Put request message and be sent to the CPE;
The receiving unit, for receiving the setting request message;
The combining unit, for according to port type, merging the port security configuration order that the receiving unit is received,
Including:According to the type of port, mark off and belong to same type of port security configuration order;According to port-mark to be placed it is
Each port assignment port security configuration order;To port security configuration order sequence, while deleting the port peace of content mutual exclusion
Full configuration order;
The performance element, for inquiring about port security controlled state, performs on port and was not provided with and legal order.
6. it is according to claim 5 management CPE port system, it is characterised in that the CPE also includes:
Determining unit, for, before the port security configuration order that the performance element performs after merging, merging single from described
In port security configuration order after unit's merging, the port security configuration order of default judgment rule is determined for compliance with.
7. it is according to claim 6 management CPE port system, it is characterised in that the CPE also includes:
Acquiring unit, after the port security configuration order after the performance element performs the merging, obtains implementing result, and
The implementing result is fed back to into the NMS by the ACS.
8. the system of the management CPE port according to claim 5 to 7 described in any one, it is characterised in that the ACS, also uses
In the setting request message is sent by TR069 agreements to the CPE, the TR069 agreements are used for managing and configuring described
CPE。
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310571395.6A CN103560918B (en) | 2013-11-13 | 2013-11-13 | Method and system for managing CPE port |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310571395.6A CN103560918B (en) | 2013-11-13 | 2013-11-13 | Method and system for managing CPE port |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103560918A CN103560918A (en) | 2014-02-05 |
CN103560918B true CN103560918B (en) | 2017-03-22 |
Family
ID=50015073
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310571395.6A Active CN103560918B (en) | 2013-11-13 | 2013-11-13 | Method and system for managing CPE port |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103560918B (en) |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105704179B (en) * | 2014-11-26 | 2020-01-31 | 中兴通讯股份有限公司 | remote access channel processing method and device |
CN107579835A (en) * | 2016-07-04 | 2018-01-12 | 中兴通讯股份有限公司 | Wireless gateway device and its implementation |
CN107645391B (en) * | 2016-07-21 | 2022-05-27 | 深圳市中兴通讯技术服务有限责任公司 | Port configuration method and device of interface expansion equipment |
CN111770151B (en) * | 2020-06-24 | 2024-03-15 | 京信网络系统股份有限公司 | Processing method and device for custom flow, electronic equipment and storage medium |
CN113904939B (en) * | 2021-10-27 | 2023-07-28 | 中国联合网络通信集团有限公司 | Method, device and storage medium for managing target terminal |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2006116922A1 (en) * | 2005-04-30 | 2006-11-09 | Huawei Technologies Co., Ltd. | A method for configuration management to the customer premises equipment and the system thereof |
CN102013998A (en) * | 2010-11-30 | 2011-04-13 | 广东星海数字家庭产业技术研究院有限公司 | Tr-069 protocol-based management method for realizing home network |
CN103067422A (en) * | 2011-10-19 | 2013-04-24 | 华为终端有限公司 | Business distribution method, business distribution equipment and business distribution system |
-
2013
- 2013-11-13 CN CN201310571395.6A patent/CN103560918B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2006116922A1 (en) * | 2005-04-30 | 2006-11-09 | Huawei Technologies Co., Ltd. | A method for configuration management to the customer premises equipment and the system thereof |
CN102013998A (en) * | 2010-11-30 | 2011-04-13 | 广东星海数字家庭产业技术研究院有限公司 | Tr-069 protocol-based management method for realizing home network |
CN103067422A (en) * | 2011-10-19 | 2013-04-24 | 华为终端有限公司 | Business distribution method, business distribution equipment and business distribution system |
Also Published As
Publication number | Publication date |
---|---|
CN103560918A (en) | 2014-02-05 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103560918B (en) | Method and system for managing CPE port | |
US9917845B2 (en) | Link discovery method and apparatus | |
EP3373518B1 (en) | Service configuration method and device for network service | |
WO2017036288A1 (en) | Network element upgrading method and device | |
CN105228121B (en) | Subscriber management using REST-like interface | |
WO2022033121A1 (en) | Method and system for resource exposure in kubernetes, and device and medium | |
US11503027B2 (en) | Validating configuration changes on a network device | |
WO2018010555A1 (en) | Northbound interface lte service automatic configuration method, northbound interface apparatus, and storage medium | |
EP2582089A1 (en) | System and method for implementing automatic configuration for equipments | |
CN108322467B (en) | OVS-based virtual firewall configuration method, electronic equipment and storage medium | |
EP2512064A1 (en) | Data configuration method and apparatus | |
US20030154380A1 (en) | Controlling usage of network resources by a user at the user's entry point to a communications network based on an identity of the user | |
US20160308759A1 (en) | Flow table matching method and apparatus, and openflow switching system | |
WO2003067372A2 (en) | Controlling concurrent usage of network resources by multiple users at an entry point to a communications network based on identities of the users | |
EP2547043B1 (en) | Method, apparatus and system for deploying layer 2 network device | |
CN106789527A (en) | The method and system that a kind of private line network is accessed | |
WO2017162030A1 (en) | Method and apparatus for generating virtual network | |
US7855972B2 (en) | Creating, modifying and storing service abstractions and role abstractions representing one or more packet rules | |
WO2011085698A1 (en) | Method for controlling resources on shared network element, shared network element and relevant device | |
WO2017166542A1 (en) | Worksheet processing method and device | |
WO2024148833A1 (en) | Container multi-network-interface-card network configuration method, apparatus, and device, and storage medium | |
WO2008116405A1 (en) | Method for achieving a service request and online command system | |
CN113542421A (en) | Data forwarding method and device based on 5G user plane functional entity | |
Cisco | Release Notes for Catalyst 6000/6500 Software Release 7.x | |
Cisco | Cisco NSM 4.3 Release Notes |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |